Lawmakers press State, Commerce on cyber break-ins

By FCW Staff
Published on April 20, 2007

The chairman of a House Homeland Security subcommittee confronted a State Department official about whether the department had responded appropriately to a computer system intrusion last year.

Rep. James Langevin (D-R.I.), chairman of the Homeland Security Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, told Donald Reid, State’s senior coordinator for security infrastructure, at a hearing yesterday that State had not correctly balanced business continuity and national security considerations in the face of the incident.

“I am not satisfied that the State Department has given proper weight to protecting national security,” Langevin said.

The hacking event, the details of which were revealed for the first time at yesterday’s hearing, occurred in May 2006, when a State employee opened a Microsoft Word e-mail attachment with embedded malicious code. The code established backdoor communications outside the department’s network.

Lawmakers also questioned Dave Jarrell, manager of the critical infrastructure protection program at the Commerce Department, about an intrusion into that department’s computer system that it discovered in July 2006. That incident led to the quarantining of several Commerce computers and to the implementation of enhanced cybersecurity protocols. Jarrell also indicated that a forensic inspection could not determine the date of the original penetration.

The State incident “led to the discovery of a previously unknown operating system vulnerability for which no security patch existed,” Reid said. As a result, a State task force “developed a temporary wrapper that would protect systems from being exploited further, but would not fix the vulnerability.”

Langevin criticized State for taking the temporary-wrapper approach, saying it was not prescribed for the threat presented, and for not more aggressively disconnecting department computers from the Internet.

Reid replied that a temporary fix was necessary because “it takes Microsoft two months or longer to issue a new security patch.”

Reid also defended the decision not to take State computers off-line, saying, “There is a business case to be made here. Our consular offices issue passports and visas. If you take the system off-line, all this comes to a screeching halt. We felt the risks were worth it.”

